Export limit exceeded: 357871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4431 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | ||||
| CVE-2009-4447 | 1 Jax Scripts | 1 Jax Guestbook | 2026-04-23 | N/A |
| Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | ||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2026-04-23 | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | ||||
| CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2026-04-23 | N/A |
| The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | ||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2026-04-23 | N/A |
| The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. | ||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2026-04-23 | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | ||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2026-04-23 | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | ||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | ||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2026-04-23 | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | ||||
| CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2026-04-23 | N/A |
| admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | ||||
| CVE-2008-5042 | 1 Zeeways | 1 Photovideotube | 2026-04-23 | N/A |
| Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. | ||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2026-04-23 | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-2516 | 1 Libpam-pgsql | 1 Libpam-pgsql | 2026-04-23 | N/A |
| pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration. | ||||
| CVE-2008-6717 | 1 Uochm | 1 Signup | 2026-04-23 | N/A |
| U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. | ||||
| CVE-2009-0129 | 1 Perl-openssl | 1 Libcrypt-openssl-dsa-perl | 2026-04-23 | N/A |
| libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2026-04-23 | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | ||||
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2026-04-23 | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | ||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2026-04-23 | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-1825 | 1 Collector | 1 Mycolex | 2026-04-23 | N/A |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | ||||
| CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2026-04-23 | N/A |
| futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | ||||